  |
 [How] To control # of connections to my server, my server and many downloads .. how to control this? |
  Jul 27 2007, 04:37 PM
Post
#1
|
|
|
Newbie Group: Members Posts: 2 Joined: 26-July 07 Member No.: 49,047  |
Hello
Below are my server details: Processor #1 Vendor: GenuineIntel Processor #1 Name: Intel® Xeon™ CPU 2.80GHz Processor #1 speed: 2799.994 MHz Processor #1 cache size: 512 KB Processor #2 Vendor: GenuineIntel Processor #2 Name: Intel® Xeon™ CPU 2.80GHz Processor #2 speed: 2799.994 MHz Processor #2 cache size: 512 KB Processor #3 Vendor: GenuineIntel Processor #3 Name: Intel® Xeon™ CPU 2.80GHz Processor #3 speed: 2799.994 MHz Processor #3 cache size: 512 KB Processor #4 Vendor: GenuineIntel Processor #4 Name: Intel® Xeon™ CPU 2.80GHz Processor #4 speed: 2799.994 MHz Processor #4 cache size: 512 KB I want to open the download from my server for all my forum members. I am afraid from that because its may cause trouble to my server so how can I control this? By controlling the download rate? Or what's the proper way? Regards 
|
 |
 
|
|
Jul 27 2007, 05:34 PM
Post
#2
|
|
 Fellow  Group: Members Posts: 173 Joined: 11-December 06 From: Cleveland, Ohio / BGSU Bowling Green, Ohio Member No.: 25,561 |
Well I heard there's some ways with Apache but never got them to work. Lighttpd has max speed per connections and max speed per server options if you want to use that. There's some bugs with the Lighttpd way that I noticed, however. My prefered way is to use iptables to classify/mark packets and tc (part of the iproute2 package) to actually do packet shaping and control speeds based on your iptables settings.
http://gentoo-wiki.com/HOWTO_Packet_Shaping I use it at home, too, because my upstream bandwidth is limited and I like to get all I can in the household  Here's a bit of the iptables/tc setup I use at home and is pretty much adaptable to a server environment: iptables rules: CODE # give "overhead" packets highest priority iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --syn -m length --length 40:68 -j CLASSIFY --set-class 1:10 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j CLASSIFY --set-class 1:10 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j CLASSIFY --set-class 1:10 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --tcp-flags ALL RST -j CLASSIFY --set-class 1:10 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --tcp-flags ALL ACK,RST -j CLASSIFY --set-class 1:10 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --tcp-flags ALL ACK,FIN -j CLASSIFY --set-class 1:10 # interactive SSH traffic iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --sport ssh -j CLASSIFY --set-class 1:20 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp -m multiport --dport ssh,4123 -j CLASSIFY --set-class 1:20 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp -d xx.xx.xx.xx --dport 9000 -j CLASSIFY --set-class 1:20 # interactive mail or web traffic iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp -m multiport --sport http,imap,https,imaps,smtp -j CLASSIFY --set-class 1:30 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp -m multiport --dport http,imap,https,imaps,smtp,aol,1863,5050 -j CLASSIFY --set-class 1:30 # dns lookups iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --dport domain -j CLASSIFY --set-class 1:30 # ICMP, UDP iptables -t mangle -A POSTROUTING -o ${IFext} -p udp -j CLASSIFY --set-class 1:40 iptables -t mangle -A POSTROUTING -o ${IFext} -p icmp -m length --length 28:1500 -m limit --limit 2/s --limit-burst 5 -j CLASSIFY --set-class 1:40 # bulk traffic iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --dport irc -j CLASSIFY --set-class 1:50 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp -m multiport --dport ftp,ftp-data -j CLASSIFY --set-class 1:60 iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp -m multiport --sport ftp,ftp-data -j CLASSIFY --set-class 1:60 CODE tc qdisc add dev ${IFext} root handle 1: htb default 60 tc class add dev ${IFext} parent 1: classid 1:1 htb rate 270kbit tc class add dev ${IFext} parent 1:1 classid 1:10 htb rate 128kbit ceil 270kbit prio 0 tc class add dev ${IFext} parent 1:1 classid 1:20 htb rate 64kbit ceil 270kbit prio 1 tc class add dev ${IFext} parent 1:1 classid 1:30 htb rate 56kbit ceil 270kbit prio 2 tc class add dev ${IFext} parent 1:1 classid 1:40 htb rate 24kbit ceil 270kbit prio 3 tc class add dev ${IFext} parent 1:1 classid 1:50 htb rate 18kbit ceil 270kbit prio 4 tc class add dev ${IFext} parent 1:1 classid 1:60 htb rate 10kbit ceil 270kbit prio 5 tc qdisc add dev ${IFext} parent 1:10 handle 10: sfq perturb 10 tc qdisc add dev ${IFext} parent 1:20 handle 20: sfq perturb 10 tc qdisc add dev ${IFext} parent 1:30 handle 30: sfq perturb 10 tc qdisc add dev ${IFext} parent 1:40 handle 40: sfq perturb 10 tc qdisc add dev ${IFext} parent 1:50 handle 50: sfq perturb 10 tc qdisc add dev ${IFext} parent 1:60 handle 60: sfq perturb 10 Note how you can set rate ceilings, guaranteed rates, etc. -------------------- The Planet customer since May, 2004:
- Dual Xeon 2.8GHz HT // 2GB RAM // 120GB HDD // 160GB HDD // RedHat Enterprise 4 // cPanel EV1 Private Rack customer since December, 2006: - 1x Dual Dual-Core Opteron 265 // 2GB RAM // 3x73GB SCSI HDD // RAID 5 // Red Hat Enterprise 4 - 4x Dual Dual-Core Opteron 265 // 2GB RAM // 2x73GB SCSI HDD // Red Hat Enterprise 4 - 2x Dual Dual-Core Opteron 2212 // 2GB RAM // 2x146GB SAS HDD // Red Hat Enterprise 4 - Foundry ServerIronXL Load Balancer // Cisco PIX 525 Firewall // Gigabit Switch // Gigabit Uplink |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 2nd September 2010 - 09:44 AM |